BSrSSKJr SSKJr SSKJr SSKJr SSKJr SSKJ r SSK J r SS K J r SS KJr SS KJr SS KJr SS KJr SSKJr SSKJr SSKJr SSKJr SrSrSrSr Sr!Sr"Sr#Sr$Sr%Sr&\\ROS5-\ROS5-\ ROS5-\!ROS5-S-r(SSRS\"\#\$\%\&/5-r*\"\(\*5r+SS /r,S!r-\"\\"5r.\"\\#5r/\"\\$5r0\"\ \%5r1\"\!\&5r2S"r3S#r4S$\Rj"5-S%-S&-S'-r6S$\Rj"5-S(-S)-S*-S+-S,-S--S.-S/-S0-r7S1r8\"S25r9\"S3S4S5\6/S6\90S79r:\"/S8QS6\90S79r;\"S3S4S9\7/S6\90S79r<\"S3S4S:\8/\"S;5\"S<5\9S=.S79r=\"S3S4S:\7/\"S;5\"S>5\"S<5\9S?.S79r>\"S3S4S@\7/\"SASBSC.5\"SD5\9SE.S79r?"SFSG\5r@gH)Iz Implementation of HMAC key management command for GCS. NOTE: Any modification to this file or corresponding HMAC logic should be submitted in its own PR and release to avoid concurrency issues in testing. )absolute_import)division)print_function)unicode_literals)Command)CommandArgument) ApiSelectorCommandException)CreateHelpText)LogCommandParams)PopulateProjectId)GetCloudApiInstance)GcloudStorageFlag)GcloudStorageMap) InsistAscii) shim_utilz= gsutil hmac create [-p ] z1 gsutil hmac delete [-p ] z. gsutil hmac get [-p ] zJ gsutil hmac list [-a] [-l] [-p ] [-u ] zR gsutil hmac update -s (ACTIVE|INACTIVE) [-e ] [-p ] a CREATE The ``hmac create`` command creates an HMAC key for the specified service account: gsutil hmac create test.service.account@test_project.iam.gserviceaccount.com The secret key material is only available upon creation, so be sure to store the returned secret along with the access_id. CREATE OPTIONS The ``create`` sub-command has the following option -p Specify the ID or number of the project in which to create a key. a DELETE The ``hmac delete`` command permanently deletes the specified HMAC key: gsutil hmac delete GOOG56JBMFZX6PMPTQ62VD2 Note that keys must be updated to be in the ``INACTIVE`` state before they can be deleted. DELETE OPTIONS The ``delete`` sub-command has the following option -p Specify the ID or number of the project from which to delete a key. a GET The ``hmac get`` command retrieves the specified HMAC key's metadata: gsutil hmac get GOOG56JBMFZX6PMPTQ62VD2 Note that there is no option to retrieve a key's secret material after it has been created. GET OPTIONS The ``get`` sub-command has the following option -p Specify the ID or number of the project from which to get a key. a LIST The ``hmac list`` command lists the HMAC key metadata for keys in the specified project. If no project is specified in the command, the default project is used. LIST OPTIONS The ``list`` sub-command has the following options -a Show all keys, including recently deleted keys. -l Use long listing format. Shows each key's full metadata excluding the secret. -p Specify the ID or number of the project from which to list keys. -u Filter keys for a single service account. a UPDATE The ``hmac update`` command sets the state of the specified key: gsutil hmac update -s INACTIVE -e M42da= GOOG56JBMFZX6PMPTQ62VD2 Valid state arguments are ``ACTIVE`` and ``INACTIVE``. To set a key to state ``DELETED``, use the ``hmac delete`` command on an ``INACTIVE`` key. If an etag is set in the command, it will only succeed if the provided etag matches the etag of the stored key. UPDATE OPTIONS The ``update`` sub-command has the following options -s Sets the state of the specified key to either ``ACTIVE`` or ``INACTIVE``. -e If provided, the update will only be performed if the specified etag matches the etag of the stored key. -p Specify the ID or number of the project in which to update a key.  z z You can use the ``hmac`` command to interact with service account `HMAC keys `_. The ``hmac`` command has five sub-commands: INACTIVEACTIVEz%a, %d %b %Y %H:%M:%S GMTc.[U<SU<SU<35$)N z= requires an Access ID to be specified as the last argument. r ) command_name subcommandsynopsiss &platform/gsutil/gslib/commands/hmac.py_AccessIdExceptionrs Z+ ,,ctS SjnSUR-nX!"SUR5- nX!"SUR5- nX!"SUR5- nX!"SURR [ 55- nX!"SURR [ 55- nX!"SURS S 9- nU$) z4Format the key metadata for printing to the console.c6SnSX0S-U4-nU(aUS- nU$)z=Format the metadata name-value pair into two aligned columns.z %-*s %s:r)namevaluenew_linewidthinfo_strs r FormatInfo&_KeyMetadataOutput..FormatInfos, EeCZ77H$h OrzAccess ID %s: StatezService AccountProjectz Time CreatedzTime Last UpdatedEtagF)r&)T) accessIdstateserviceAccountEmail projectId timeCreatedstrftime _TIME_FORMATupdatedetag)metadatar)messages r_KeyMetadataOutputr9s  1 1 1' Z 00' Z)8+G+G HH' Z 8#5#5 66' Z ,,55lCEE' Z+ ((11,?AA' Z  >>' .rz--format=value[separator="z"](z-format("Access ID: {}", metadata.accessId),z"format("Secret: {}", secret))z%"](format("Access ID {}:", accessId),z,format(" State: {}", state),z:format(" Service Account: {}", serviceAccountEmail),z0format(" Project: {}", projectId),z$format(" Time Created: {}",z9 timeCreated.date(format="%a',' %d %b %Y %H:%M:%S GMT")),z$format(" Time Last Updated: {}",z5 updated.date(format="%a',' %d %b %Y %H:%M:%S GMT")),z+format(" Etag: {}", etag))zW--format=table[no-heading](format("{} {:<12} {}",accessId, state, serviceAccountEmail))z --projectstoragehmaccreate-pgcloud_commandflag_map)r:r;deletedescribelistz--allz--service-account)-a-ur=z--long)rD-lrEr=updatez --activatez --deactivate)rrz--etag)-s-er=c^\rSrSrSr\R "SSSSSS\R/\R\ \ R"5/\ R"5/\ R"5/\ R"5/\ R"5/S.S 9 r \R"S/S S \\\\\\S.S 9rU4S jrSSjrSSjrSSjrSSjrSSjrSrSrU=r$) HmacCommandiz&Implementation of gsutil hmac command.r;z ae:lp:s:u:Tr<rAgetrCrG) min_argsmax_argssupported_sub_args file_url_okurls_start_arggs_api_supportgs_default_apiusage_synopsisargparse_arguments command_helpz-CRUD operations on service account HMAC keys.) help_namehelp_name_aliases help_typehelp_one_line_summary help_textsubcommand_help_textc>URSS:Xa!SUR;a[S[00S9nO$[[[[ [ [S.0S9n[TU]%U5$)NrrCrFr>)r<rArGrOrC) argsrLIST_COMMAND_LONG_FORMATCREATE_COMMANDDELETE_COMMANDUPDATE_COMMAND GET_COMMAND LIST_COMMANDsuperget_gcloud_storage_args)selfgcloud_storage_map __class__s rri#HmacCommand.get_gcloud_storage_args<sn yy|v$$))"3+ ":; ,&&& "    7 *+= >>rcUR(aURSUlO+Sn[UURUR[ 4-5e[ XS9nURURURSS9n[S<SSURR<35 [S <SSUR<35 g ) z'Creates HMAC key for a service account.rzI%s %s requires a service account to be specified as the last argument. %s thread_stategsproviderz Access ID:12rzSecret:N) raservice_account_emailr raction_subcommand_CREATE_SYNOPSISr CreateHmacKey project_idprintr7r.secret)rjrperr_msg gsutil_apiresponses r_CreateHmacKeyHmacCommand._CreateHmacKeyPs yy#'99Q> yy))A,i t00$2H2H/ 11%TEJ''(1(, (, 15 (7H  X &'rcURRSS9[R:wa [ S5eUR R S5UlURSS9 [URS9 SUl SUl S Ul S UlSUlUR(awURHgupUS :XaX l MUS :Xa[!US 5 X lM-US :XaX l M;US:Xa SUl MJUS:Xa SUlMYUS:XdMaX lMi UR"(d[%S5UlUR&UR(UR*UR,UR.S.nURU;a([ SUR<SUR0<S35e[UR/S9 X0R"5 g)z)Command entry point for the hmac command.rqrrz9The "hmac" command can only be used with the GCS JSON APIrT) check_args)sub_optsNFrEr=z/Invalid non-ASCII character found in project IDrHrDrFrIrNzInvalid subcommand "z " for the z! command. See "gsutil help hmac".) subcommands)r}GetApiSelectorr JSONr rapoprv ParseSubOptsr rrur/rrr6rryrrrrrrr)rjoamethod_for_args r RunCommandHmacCommand.RunCommands %%t%4 8H8HH  E GG"YY]]1-D&dmm,!%DDJDMDNDI }}--$! 9'( $ $Y aJ K/ $Y* $Y$- $Y$. $Y) ??)$/do%%%%""%% N ^3 "44d6G6GI JJ$"8"8!9:))*, r)rvr6rryrurr/)N)__name__ __module__ __qualname____firstlineno____doc__rCreateCommandSpecr r _SYNOPSISr%MakeZeroOrMoreCloudOrFileURLsArgument command_specHelpSpec_DETAILED_HELP_TEXT_create_help_text_delete_help_text_get_help_text_list_help_text_update_help_text help_specrirrrrrr__static_attributes__ __classcell__)rls@rrKrKs.** %!&&' %%$JJLM$JJLM!GGIJ"HHJK$JJLM ,&L#%%!%   )?(5( H (E0(26 6 rrKN)Ar __future__rrrr gslib.commandrgslib.command_argumentrgslib.cs_api_mapr gslib.exceptionr gslib.help_providerr gslib.metricsr gslib.project_idrgslib.utils.cloud_api_helperrgslib.utils.shim_utilrrgslib.utils.text_utilr gslib.utilsrrwrrrr_CREATE_DESCRIPTION_DELETE_DESCRIPTION_GET_DESCRIPTION_LIST_DESCRIPTION_UPDATE_DESCRIPTIONlstriprr _DESCRIPTIONrrr4rrrrrrr9get_format_flag_newline_CREATE_COMMAND_FORMAT_DESCRIBE_COMMAND_FORMAT_LIST_COMMAND_SHORT_FORMAT _PROJECT_FLAGrcrdrfrgrbrerKr#rrrsU'%'!2(,.*.<32-! "  (2 0 7 7 = =  ! !$ '(*8*?*?*EF  $ $T *+-34   ii   %Y ="H-* "#35HI"#35HI /?@ 1BC"#35HI, .7#;;=>@EFIJ?? !9#D#D#FF+,34BB8 8 , , B B,,>>3 3-"+. !vx1GH m "1N&*M,$% vz3KLM "$  vv/IJ( 34 ,vv/GH() 34 "vx1IJ &*  h '   L 'L r